modrobert writes: "Yifan Lu and madmonkey1907 managed to dump the PlayStation Classic MTK boot ROM via serial interface and then realized the key Sony used to encrypt areas of the system was the shared public key as opposed to using a private key kept secret as it should be in this case. In other words Sony failed to secure the device by mistakes in the encryption signing process, and it's not the first time that happens. You can use this search to find the related releases so far in the download section for this hack. News spread around quickly on Twitter so mainstream outlets like arstechnica.com and hackaday.com picked up the story. Thanks goes to GaryOPA for letting me know about the BleemSync tool."

modrobert writes: "SciresM has added support for Switch firmware 6.2.0 key generation to hactool v1.2.2. Quote from Twitter: 'A new hactool release has been posted, supporting 6.2.0+ key generation.' The new tsec_root_key was retrieved through an unpublished exploit and these changes were made to add support for the new firmware. Since the keys are still kept private there is currently no custom firmware out which supports 6.2.0, so keep that in mind while avoiding the update from Nintendo. Thanks goes to hitman43 for the heads up."

modrobert writes: "René Rebe is releasing videos of his work on porting the latest stable Linux kernel 4.19.2 to PS3 (OtherOS) with installer and developing an accelerated GPU (RSX) video driver. You can find more information in the psx-place.com forum and René's channel on YouTube. At this stage this is mostly interesting for developers until there is a user-friendly installer released.

The idea is to use a scripting language (eg. Python, Perl, Bash) to call this program which will decrypt a file at given offset using a key in another file at a given offset, and finally initialization vector (IV) from a third file at given offset depending on decryption method used."

modrobert writes: "fail0verflow have continued their series of articles about PS4 hardware attacks titled 'PS4 Aux Hax', I covered parts 1-3 in a previous story. This time they explore a stack buffer overflow bug in the HDMI encoder firmware when HDMI-CEC is enabled, accessed via I2C and IRQ lines while disabling HDMI encoder power switch access from syscon.

I assume Sony will mitigate this attack either by changing the southbridge chip hardware in future revisions of the PS4, or by removing the option to use HDMI-CEC (Consumer Electronics Control) in settings."

Here is the first version of the remote package installer that I made a few days ago; it has no GUI yet (it just displays a splash screen), but all the job could already be done via Web API that you could access remotely from your PC using any of the available tools that you prefer: a custom web server or an application, NodeJS scripts, etc. No more need to use USB flash drives or external hard drives for your packages, everything could be done remotely.

One important thing: to be able to use this tool for receiving commands you need to have this application in focus (not in the background, because PS4 will suspend it and it won't be possible to use network anymore). After you send a command (to install game, for example), wait some time (I suppose "waiting to install" phase should be finished before you do minimize/close, anyway if you experience it then click on "View Details" in notification window, you may see "the connection to the server has been lost", if so then just relaunch/maximize application and resume task), and then you could minimize this application freely (switch to a game, for example), because actual installing (or better saying, downloading) will be running in the background.

modrobert writes: "zecoxao has released siscon which is a Syscon firmware decrypter for PS4. I've checked the source code and it requires three key related files; sys-key, sys-iv and sys-cmac which are not included. However, some keys (mirror) were leaked in a previous story about the PS4 Syscon. Thanks goes to GaryOPA for the heads up about siscon."

modrobert writes: "SciresM just released Atmosphère v0.7.0 which is a work-in-progress customized firmware for the Nintendo Switch. Quote SciresM: 'Releases should be a *lot* more frequent from now on. Enjoy! :) ' Check the project page for more information. Thanks goes to pOOBAH for the heads up."

modrobert writes: "I just watched this spontaneous interview with Ben Daglish and wanted to share. Quote: 'Ben Daglish, one of the UK's greatest video game musicians died earlier this week at the age of just 52. Ben was one of the now legendary Commodore 64 Sid Chip musicians of the 1980's where the technical challenges of making any kind of meaningful sound, let alone music, were not just met, but surpassed by the likes of Rob Hubbard, Martin Galway, David Whittaker, Fred Gray and others, but also of course Ben Daglish ... This film was shot during 30 minutes of complete spontaneity in July 2013 in Max Hall's recording studio in England. Ben had been writing and recording music for the 'From Bedrooms to Billions' film soundtrack for two long days and before going home was just having a cup of tea, when suddenly we all started talking about 1980's Commodore 64 music.' Thanks goes to smf for the heads up.

modrobert writes: "Sony have finally decided to release firmware 4.83 for PS3. This turned out to be more than just GDPR compliance, got info from the PS3XPLOIT Team over at psx-place.com. Quote: 'It would appear that Sony patched one of the 2 webkit exploits we currently use to trigger ROP chains. It means that we need to replace this exploit in order to get any ps3xploit tool working on 4.83. Work is already under way, obviously no ETA at this stage ... In conclusion, the changes brought by the 4.83 update mean that anyone updating will lose usage of HAN, and possibly permanently until a kernel exploit comes out. Cfw2ofw conversions will be the only installed games that will still be working after updating.' I have updated the Ps3OsRels wiki as usual where the updates also can be downloaded (or at least could be at one point). This time there was an incremental update (PS3PATCH.PUP). In related news, Evilnat has released SEN Enabler v6.0.9. There is more new console stuff to leech in the download section if you feel like it, have a good weekend."

Quote: 'I'm back with a new tool today which has one simple aim: identify the potential OFW version on a sealed new console (obviously this won't work for secondhand or refurbished consoles). No more need to scour the internet and search forums, I have done it for you!'"

modrobert writes: "I really dislike asking for support, but we have once again reached a point where the profits from the online shop aren't enough to cover the upcoming hosting fee for the six month period October 2018 - April 2019 which is €540 total. If you feel like supporting the EurAsia website, you can do so by paying a small sum monthly via Patreon, or use Bitcoin for a one-time donation and badge of honor.

With the following information you can get a shell (cmd.exe) and win32 code execution on Xbox One in UWP Devkit mode. Normally you can only deploy "sandboxed" UWP containers with very limited access rights, hence this writeup.

Preamble

This is not an exploit or breakthrough of any sort. It's simply taking advantage of provided debugging features in developer mode! This is for anyone who may be curious and want to reverse engineer the Xbox One.

This is also mainly provided for anyone who wants to just have a go at reversing the system. There's a lot to utilize with the public features anyway.

Prerequisites

Must be in developer-mode (obviously)

Have some form of SSH/telnet client. (PuTTY, etc)

At least have Visual Studio 2015 or 2017

To get started without putting up with developing UWP applications we can instead utilize the open SSH connection provided by the console. This is only available in developer mode, just in case you get any ideas.

If you're using Windows and will be using standard command prompt for telnet then make sure you enable it first!

modrobert writes: "TheFloW has posted an extensive write-up for the h-encore exploit chain right after Sony released firmware v3.69 for PS Vita which patched this kernel exploit. Quote: 'h-encore, where h stands for hacks and homebrews, is the second public jailbreak for the PS Vita which supports the newest firmwares 3.65, 3.67 and 3.68. It allows you to make kernel- and user-modifications, change the clock speed, install plugins, run homebrews and much more.'

[source: jjbredesen @ gbatemp.net] One of the biggest leaps in the Switch homebrew scene is here! Hardware acceleration is now possible on Switch! The newest update to LibNX will now enable homebrew developers to take advantage of the GPU, enabling massive performance gains in exciting apps. This update also opens up the possibility of emulators for more powerful systems such as Gamecube, as well as 3D homebrew apps now being possible at playable frame rates. It is safe to say that this is a massive milestone for the community. Please be aware that apps need to be updated to support the new functionality, allow developers time to adapt. Massive thanks to Armada, Plutoo and everyone else who has contributed to making this possible.

modrobert writes: "I've read the news posts at maxconsole.com and wololo.net about the alleged PS4 Syscon keys being disclosed. By the looks of it someone took the fail0verflow PS4 Aux Hax research a bit further and pasted the keys (mirror) later linked by LightningMods in a tweet. I haven't tested if the keys work, and so far no confirmation if they are valid. Let me know if you know more.

modrobert writes: "Lantus has ported MAME 0.72 to the Nintendo Switch with proper speed hacks and oldschool awesomeness. Also check his interesting video about how this port was made and reasoning behind design decisions."

modrobert writes: "Chucky has made a custom board/PCB design he calls Re-Amiga 1200 which is based on the Amiga 1200 Rev 1D.4 motherboard. Besides selling the unpopulated (empty) boards he also shares the design files if you want to make your own. Read on for list of changes compared to the original board..."

modrobert writes: "I just got word from GaryOPA about a new product for SNES Mini, you can read his story at maxconsole.com. Quote: 'We are happy to present THE must have accessory for all SNES Mini owners: Classic 2 Magic.

SNES Mini Classic is a fantastic console but has one big flaw which frustrates all of its owners: The games collection is closed and limited. Well no more! With Classic 2 Magic you can dig out your old SNES cartridges and play them directly on your SNES Mini Classic. Any game, from any region. Just plug & play!

You can also directly play game ROM files for SNES and many other different console systems on your SNES Mini Classic with Classic 2 Magic.

The Classic 2 Magic creates so many new possibilities. The name says it all, it will do magic to your SNES Mini console. And it is also compatible with the NES Mini console and Shonen Jump Mini.

BonerBoy writes: "Nasty little update that 11.8. Come to read all about it in my badly formatted FAQ, a ripoff from GBAtemp in the forum. :D Like it? [Editor's note: During all my years as an admin this shitpost news submission takes the prize, granted, at least you did something.]"

modrobert writes: "Team OpenXbox have just released an Xbox One SmartGlass REST server written in Python. Quote: 'SmartGlass is a remote control protocol developed by Microsoft for their Xbox gaming system. It was originally developed for the Xbox 360, where it relied on an active Xbox Live connection for communication with the console. With the Xbox One it directly communicates over the local network.' Thanks goes to tuxuser and GaryOPA for the heads up."

modrobert writes: "The Super Nintendo (Super Famicom) had several game cart releases with custom chips included to add various hardware features (aka 'coprocessor' and 'enhancement chips'). Currently redguy is developing SA1 support for SD2SNES which is an advanced open source FPGA based SNES copier (flash cart). The SA-1 core has reached private beta stage and SmokeMonster recently posted a video testing it, check this forum thread over at krikzz.com for more info. Thanks goes to babayaga for the heads up.

modrobert writes: "fail0verflow have posted a series of articles about PS4 hardware besides the main x86 cores of the APU titled 'PS4 Aux Hax'. They go through a number of PS4 chipsets starting off with Aeolia, the PS4 southbridge, then moving on to Syscon, and finally the Dualshock4. fail0verflow cover several power analysis methods such as DPA (Differential Power Analysis), CPA (Correlated Power Analysis) and glitching techniques. I find the articles really deep and interesting, huge thanks to fail0verflow for sharing. Perhaps a little bit odd there's no mention of the power analysis pioneer Colin O'Flynn and his ChipWhisperer hardware, which is hard to avoid when doing any kind of power analysis research. I was involved in a skunkworks project back in 2017, not related to PS4, but I was using ChipWhisperer, highly recommended tool."

modrobert writes: "Evilsperm of the REBUG Team just posted a video on Twitter showing a four wire modchip install in action for the Nintendo Switch also known as 'SwitchMe Up!', it works by uploading payload via USB using RCM mode which then launches Hekate / Atmosphere. This open source hardware project has been going on for a while with the first board prototype posted in May 2018, the final board prototype in early July, and a more recent post with install photos from a complete working install. According to Evilsperm more info will be posted on the rebug.me site soon.

Have you got news or files to share but prefer to do so anonymously? Then add a comment to this page. The ZeroBin paste tool features AES 256 bit encryption browser side and the server has zero knowledge of the data posted.